Re: [SECURITY] [DSA 1289-1] New Linux 2.6.18 packages fix several vulnerabilities
- To: firstname.lastname@example.org
- Subject: Re: [SECURITY] [DSA 1289-1] New Linux 2.6.18 packages fix several vulnerabilities
- From: Marcin Owsiany <email@example.com>
- Date: Mon, 14 May 2007 13:49:06 +0100
- Message-id: <20070514124906.GA10672@kufelek>
- Mail-followup-to: firstname.lastname@example.org
- In-reply-to: <20070513113316.GA5580@galadriel.inutil.org>
- References: <20070513113316.GA5580@galadriel.inutil.org>
On Sun, May 13, 2007 at 01:33:16PM +0200, Moritz Muehlenhoff wrote:
> Michal Miroslaw reported a DoS vulnerability (crash) in netfilter.
> A remote attacker can cause a NULL pointer dereference in the
> nfnetlink_log function.
| nfnetlink_log in netfilter in the Linux kernel before 18.104.22.168 allows
| attackers to cause a denial of service (crash) via unspecified vectors
| involving the (1) nfulnl_recv_config function, (2) using "multiple
| packets per netlink message", and (3) bridged packets, which trigger a
| NULL pointer dereference.
Could someone who knows netfilter a bit better comment on this? In what
circumstances in real life is this exploitable? Is there any workaround?
I'm not using bridging, I don't care about logging, so I'm happy to
disable it, I'm not sure what that netlink thing means..
Marcin Owsiany <email@example.com> http://marcin.owsiany.pl/
GnuPG: 1024D/60F41216 FE67 DA2D 0ACA FC5E 3F75 D6F6 3A0D 8AA0 60F4 1216